RTOS/rtems
1
0
Fork 0
forked from Imagelibrary/rtems
Code Pull Requests Activity

2006-02-08 Thomas Rauscher <trauscher@loytec.com>

Browse Source 
PR 890/networking
	* httpd/webs.c: The webservers enters an infinite loop when a POST
	request with less data than indicated in the Content-Length header is
	received. It also consumes additional heap memory and a file
	descriptor for each invalid POST.
This commit is contained in:
Joel Sherrill
2006-02-08 16:16:42 +00:00
parent 4217b965eb
commit 2eaf499375
2 changed files with 13 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
cpukit/ChangeLog
View File

@@ -1,3 +1,11 @@
2006-02-08 Thomas Rauscher <trauscher@loytec.com>
PR 890/networking
* httpd/webs.c: The webservers enters an infinite loop when a POST
request with less data than indicated in the Content-Length header is
received. It also consumes additional heap memory and a file
descriptor for each invalid POST.
2006-02-01 Joel Sherrill <joel@OARcorp.com>
* posix/inline/rtems/posix/cond.inl, posix/macros/rtems/posix/cond.inl,

5
cpukit/httpd/webs.c
View File

@@ -583,6 +583,11 @@ static int websGetInput(webs_t wp, char_t **ptext, int *pnbytes)
return -1;
} else if (nbytes == 0) { /* EOF or No data available */
/* Bugfix for POST DoS attack with invalid content length */
if (socketEof(wp->sid)) {
websDone(wp, 0);
}
/* End of bugfix */
return -1;
} else { /* Valid data */